Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe)

TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe)


Log-Analyse und Auswertung: TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 07.11.2010, 12:41   #1
1mannlan
 
TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) - Standard

TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe)


Hey,
ich habe mir wohl mal wieder einen Virus eingefangen. Woher er stammt weiß ich leider nicht, würde mich aber mal interessieren. Hab schon einen Thread mit dem gleichen Virus gefunden soweit ich weiß sind aber diese Entfernungs logs immer nur für einen Pc deshalb poste ich hier lieber nochmal.
Hijackthis log:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:08, on 07.11.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Games\World_of_Tanks_closed_Beta\WoT.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Wolfgang\Desktop\HiJackThis204.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HKLM] C:\Users\Wolfgang\AppData\Roaming\Winbooterr\Svchost.exe
O4 - HKCU\..\Run: [HKCU] C:\Users\Wolfgang\AppData\Roaming\Winbooterr\Svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Users\Wolfgang\AppData\Roaming\Winbooterr\Svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Users\Wolfgang\AppData\Roaming\Winbooterr\Svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Vlc Albumcover refresh.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Wolfgang\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7651 bytes
--- --- ---

OTL Logs:

Extras:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.11.2010 12:35:59 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\*NAME*\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 711,04 Gb Free Space | 76,34% Space Free | Partition Type: NTFS
 
Computer Name: ZOCKBUDE | User Name: *NAME* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0916-000001000000}" = 7-Zip 9.16 (x64 edition)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Unlocker" = Unlocker 1.9.0-x64
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3143 Banner Remover 1.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks Closed Beta v.0.5.4.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 2.0.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"FileZilla Client" = FileZilla Client 3.3.4.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mp3tag" = Mp3tag v2.46a
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Pamela" = Pamela Pro 4.6
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 12900" = Audiosurf
"Steam App 4000" = Garry's Mod
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"Uninstall_is1" = Uninstall 1.0.0.1
"VisiPics_is1" = VisiPics V1.30
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.11.2010 07:58:54 | Computer Name = Zockbude | Source = VSS | ID = 8194
Description = 
 
Error - 01.11.2010 15:52:11 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.8.2985, 
Zeitstempel: 0x4c3b43ea  Name des fehlerhaften Moduls: ml_bookmarks.dll, Version: 
0.0.0.0, Zeitstempel: 0x4c3b43f6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000125a
ID
 des fehlerhaften Prozesses: 0x974  Startzeit der fehlerhaften Anwendung: 0x01cb79fe3c4cf54d
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll  Berichtskennung: 
83b094e1-e5f1-11df-810e-1c6f6540b871
 
Error - 02.11.2010 15:57:55 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WoT.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c653acd  Name des fehlerhaften Moduls: WoT.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c653acd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002afeff  ID des fehlerhaften Prozesses:
 0xbf0  Startzeit der fehlerhaften Anwendung: 0x01cb7ac75afa62df  Pfad der fehlerhaften
 Anwendung: C:\Games\World_of_Tanks_closed_Beta\WoT.exe  Pfad des fehlerhaften Moduls:
 C:\Games\World_of_Tanks_closed_Beta\WoT.exe  Berichtskennung: 7b84f52e-e6bb-11df-a1dc-1c6f6540b871
 
Error - 05.11.2010 20:54:58 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aebab8d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b802  Ausnahmecode: 0xc0000006  Fehleroffset: 0x0000000000056ceb
ID
 des fehlerhaften Prozesses: 0x938  Startzeit der fehlerhaften Anwendung: 0x01cb7cebaccdf463
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7a167ca4-e940-11df-9914-1c6f6540b871
 
Error - 05.11.2010 20:54:59 | Computer Name = Zockbude | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\winsta.dll"
 zugegriffen werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
 mit der gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern,
 oder der Datenträger fehlt.  Das Programm Windows-Explorer wurde wegen dieses Fehlers
 geschlossen.    Programm: Windows-Explorer  Datei: C:\Windows\System32\winsta.dll    Der 
Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen
 Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem, das 
selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie 
weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk befindet,
   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht
 und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese sich auf
 einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen
 Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen und
 reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im
 Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C000009C  Datenträgertyp: 3
 
Error - 07.11.2010 06:25:14 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x240d7bde  ID des fehlerhaften
 Prozesses: 0x8ec  Startzeit der fehlerhaften Anwendung: 0x01cb7e660d079a9b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 4e7f56eb-ea59-11df-8e5b-1c6f6540b871
 
Error - 07.11.2010 06:25:14 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x240d7bde  ID des fehlerhaften
 Prozesses: 0xbd0  Startzeit der fehlerhaften Anwendung: 0x01cb7e660d079a9b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 4e7fa50b-ea59-11df-8e5b-1c6f6540b871
 
Error - 07.11.2010 06:25:14 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24077bde  ID des fehlerhaften
 Prozesses: 0x9f4  Startzeit der fehlerhaften Anwendung: 0x01cb7e660d079a9b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 4e7f7dfb-ea59-11df-8e5b-1c6f6540b871
 
Error - 07.11.2010 06:55:39 | Computer Name = Zockbude | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei  C:\Program
 Files (x86)\Internet Explorer\ielowutil.exe.   [IN_PAGE_ERROR Exception!! EIP = 0x10399b0]

 Bitte Avira informieren und die obige Datei übersenden!
 
Error - 07.11.2010 06:56:11 | Computer Name = Zockbude | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei  C:\Windows\SysWOW64\getmac.exe.

 [IN_PAGE_ERROR Exception!! EIP = 0x10399b0]   Bitte Avira informieren und die obige
 Datei übersenden!
 
[ System Events ]
Error - 07.11.2010 06:33:48 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 07.11.2010 06:33:55 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 07.11.2010 06:33:56 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 07.11.2010 06:44:13 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 07.11.2010 06:44:36 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 07.11.2010 06:44:46 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 07.11.2010 06:55:39 | Computer Name = Zockbude | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 07.11.2010 06:56:11 | Computer Name = Zockbude | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 07.11.2010 07:00:51 | Computer Name = Zockbude | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 07.11.2010 07:00:53 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira AntiVir Guard" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
 durchgeführt: Neustart des Diensts.
 
 
< End of report >
--- --- ---

OTL:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.11.2010 12:35:59 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\*NAME*\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 711,04 Gb Free Space | 76,34% Space Free | Partition Type: NTFS
 
Computer Name: ZOCKBUDE | User Name: *NAME* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*NAME*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Games\World_of_Tanks_closed_Beta\WoT.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*NAME*\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation)
DRV:64bit: - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation)
DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1039unic.sys (MCCI Corporation)
DRV:64bit: - (s1039obex) -- C:\Windows\SysNative\drivers\s1039obex.sys (MCCI Corporation)
DRV:64bit: - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1039nd5.sys (MCCI Corporation)
DRV:64bit: - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1039mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1039mdm) -- C:\Windows\SysNative\drivers\s1039mdm.sys (MCCI Corporation)
DRV:64bit: - (s1039mdfl) -- C:\Windows\SysNative\drivers\s1039mdfl.sys (MCCI Corporation)
DRV:64bit: - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\SysNative\drivers\s1039bus.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 F8 6A EE 87 56 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}:1.0.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.11.06 18:38:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.29 14:18:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.06 18:38:18 | 000,000,000 | ---D | M]
 
[2010.09.17 18:00:56 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\mozilla\Extensions
[2010.11.06 18:40:44 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\mozilla\Firefox\Profiles\l3o1xypa.default\extensions
[2010.10.13 20:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*NAME*\AppData\Roaming\mozilla\Firefox\Profiles\l3o1xypa.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.04 18:09:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*NAME*\AppData\Roaming\mozilla\Firefox\Profiles\l3o1xypa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.01 10:40:32 | 000,000,000 | ---D | M] (OpenDownload) -- C:\Users\*NAME*\AppData\Roaming\mozilla\Firefox\Profiles\l3o1xypa.default\extensions\{F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}
[2010.11.06 18:40:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.10.17 14:14:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.18 18:07:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.20 17:43:16 | 000,000,998 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HKLM] C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O4 - HKCU..\Run: [HKCU] C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O4 - Startup: C:\Users\*NAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vlc Albumcover refresh.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*NAME*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*NAME*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{970e14cc-d90e-11df-93c9-1c6f6540b871}\Shell - "" = AutoRun
O33 - MountPoints2\{970e14cc-d90e-11df-93c9-1c6f6540b871}\Shell\AutoRun\command - "" = E:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.07 12:34:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*NAME*\Desktop\OTL.exe
[2010.11.07 11:54:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\*NAME*\Desktop\HiJackThis204.exe
[2010.11.07 11:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.11.07 11:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.11.07 11:45:07 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Roaming\Avira
[2010.11.07 11:33:25 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.11.07 11:33:25 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.07 11:33:25 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.11.07 11:33:25 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.11.07 11:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.11.07 11:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.11.06 18:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.11.06 17:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.11.06 17:56:34 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Adobe Flash Builder 4
[2010.11.06 17:55:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010.11.06 17:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010.11.06 17:51:28 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010.11.06 17:51:28 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010.11.06 17:51:28 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010.11.06 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010.11.06 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010.11.06 17:50:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.11.06 17:50:08 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.11.06 17:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.11.06 13:15:51 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Documents\200538011517-Dateien
[2010.11.05 21:12:45 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Documents\ICQ
[2010.11.05 14:26:16 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Desktop\Videos0001
[2010.11.01 21:13:24 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Desktop\Trance Collection 4
[2010.11.01 17:50:47 | 000,000,000 | ---D | C] -- C:\Screens
[2010.10.31 20:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisiPics
[2010.10.31 13:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More
[2010.10.31 13:31:35 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010.10.30 14:34:45 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Local\PunkBuster
[2010.10.29 15:13:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
[2010.10.29 14:30:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2010.10.27 04:49:59 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 04:49:59 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 04:49:59 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 04:49:59 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 04:49:59 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 04:49:59 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 04:49:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 04:49:54 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.10.26 18:28:48 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Local\Google
[2010.10.26 18:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.10.25 21:01:20 | 000,161,280 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscemdm.sys
[2010.10.25 21:01:20 | 000,127,488 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscebus.sys
[2010.10.25 21:01:20 | 000,018,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscemdfl.sys
[2010.10.25 21:01:20 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscewhnt.sys
[2010.10.25 21:01:20 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscewh.sys
[2010.10.25 21:01:20 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscecmnt.sys
[2010.10.25 21:01:20 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscecm.sys
[2010.10.25 21:01:01 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2010.10.25 21:01:01 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2010.10.25 21:01:01 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2010.10.25 21:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.10.25 21:00:49 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Roaming\Samsung
[2010.10.25 21:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.10.25 21:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2010.10.25 21:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2010.10.25 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2010.10.20 17:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ-Banner-Remover
[2010.10.18 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.10.18 18:07:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.10.18 18:07:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.10.18 18:07:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.10.18 05:01:32 | 000,036,864 | ---- | C] (TOSHIBA/MEI) -- C:\Windows\SysWow64\SDDEVMGR.dll
[2010.10.18 05:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2010.10.17 14:15:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.10.17 14:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.10.17 14:14:12 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.10.17 14:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.10.17 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Local\WindowsUpdate
[2010.10.16 15:07:58 | 000,161,904 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039mdm.sys
[2010.10.16 15:07:58 | 000,158,320 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039unic.sys
[2010.10.16 15:07:58 | 000,141,424 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039mgmt.sys
[2010.10.16 15:07:58 | 000,137,328 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039obex.sys
[2010.10.16 15:07:58 | 000,127,600 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039bus.sys
[2010.10.16 15:07:58 | 000,034,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039nd5.sys
[2010.10.16 15:07:58 | 000,019,568 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039mdfl.sys
[2010.10.16 15:07:58 | 000,015,984 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039whnt.sys
[2010.10.16 15:07:58 | 000,015,984 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039wh.sys
[2010.10.16 15:07:58 | 000,015,472 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039cmnt.sys
[2010.10.16 15:07:58 | 000,015,472 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039cm.sys
[2010.10.16 15:07:58 | 000,014,960 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039cr.sys
[2010.10.16 12:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010.10.16 12:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010.10.16 12:52:03 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Roaming\Winamp
[2010.10.16 12:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010.10.14 15:52:58 | 000,000,000 | ---D | C] -- C:\Allods 2
[2010.10.13 23:53:13 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.13 23:53:13 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.13 23:53:13 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.13 23:53:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.13 23:53:12 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.13 23:53:11 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.13 23:53:11 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.13 23:53:11 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.13 23:53:09 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.13 23:53:06 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.13 23:53:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.13 23:53:06 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.13 23:53:06 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.13 23:53:06 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.13 23:53:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.13 23:53:06 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.13 23:53:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.13 23:53:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.13 23:53:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.13 23:53:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.13 23:53:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.13 23:53:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.13 23:53:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.13 23:53:05 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.13 23:53:04 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.13 23:53:04 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.13 23:53:04 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.10.13 23:52:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.13 21:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity
[2010.10.13 20:58:21 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Links
[2010.10.13 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Roaming\Mp3tag
[2010.10.13 20:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2010.10.13 18:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.10.13 18:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.07 12:34:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*NAME*\Desktop\OTL.exe
[2010.11.07 12:33:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.07 11:54:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\*NAME*\Desktop\HiJackThis204.exe
[2010.11.07 11:33:22 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.07 11:33:22 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.07 11:30:34 | 001,641,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.07 11:30:34 | 000,707,246 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.07 11:30:34 | 000,660,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.07 11:30:34 | 000,152,838 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.07 11:30:34 | 000,125,054 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.07 11:25:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.07 11:24:30 | 004,857,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.11.07 11:24:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.07 11:24:10 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.06 18:04:50 | 374,310,976 | ---- | M] () -- C:\Users\*NAME*\Desktop\bada_SDK_1.1.0b1.exe
[2010.11.06 17:38:06 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2010.11.06 13:15:54 | 000,105,748 | ---- | M] () -- C:\Users\*NAME*\Documents\200538011517.htm
[2010.11.01 10:29:18 | 000,146,467 | ---- | M] () -- C:\Users\*NAME*\Documents\kdk_0824.jpg
[2010.10.30 14:57:08 | 000,202,024 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.29 14:30:50 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.10.29 14:30:50 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.29 13:55:48 | 000,264,893 | ---- | M] () -- C:\Users\*NAME*\Documents\z0r-de_765.swf
[2010.10.25 21:06:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2010.10.23 15:27:41 | 009,609,966 | ---- | M] () -- C:\Users\*NAME*\Documents\rec_venqvenq3_28_May_2010_22_43_50.mp3
[2010.10.23 15:27:41 | 001,747,374 | ---- | M] () -- C:\Users\*NAME*\Documents\rec_venqvenq3_28_May_2010_22_33_56.mp3
[2010.10.23 15:27:41 | 000,826,734 | ---- | M] () -- C:\Users\*NAME*\Documents\rec_venqvenq3_28_May_2010_22_28_22.mp3
[2010.10.23 15:27:41 | 000,487,758 | ---- | M] () -- C:\Users\*NAME*\Documents\rec_venqvenq3_28_May_2010_22_31_52.mp3
[2010.10.20 17:43:16 | 000,000,998 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.10.13 20:51:49 | 000,286,720 | ---- | M] () -- C:\Users\*NAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vlc Albumcover refresh.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.06 18:02:14 | 374,310,976 | ---- | C] () -- C:\Users\*NAME*\Desktop\bada_SDK_1.1.0b1.exe
[2010.11.06 13:15:51 | 000,105,748 | ---- | C] () -- C:\Users\*NAME*\Documents\200538011517.htm
[2010.11.01 10:29:17 | 000,146,467 | ---- | C] () -- C:\Users\*NAME*\Documents\kdk_0824.jpg
[2010.10.29 14:30:52 | 000,202,024 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.29 14:30:50 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.10.29 14:30:50 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.29 13:55:48 | 000,264,893 | ---- | C] () -- C:\Users\*NAME*\Documents\z0r-de_765.swf
[2010.10.26 18:28:52 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.26 18:28:51 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.25 21:06:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2010.10.13 20:45:16 | 000,286,720 | ---- | C] () -- C:\Users\*NAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vlc Albumcover refresh.exe
[2010.09.26 10:38:06 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2010.09.17 19:56:08 | 001,617,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.17 18:54:02 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.09.17 18:52:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.09.15 09:41:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.15 09:41:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.15 09:41:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.15 09:41:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.11.06 11:22:53 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Audacity
[2010.09.19 15:17:21 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.05 22:33:27 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\FileZilla
[2010.11.07 11:27:03 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\ICQ
[2010.10.13 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Mp3tag
[2010.09.21 16:29:09 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Pamela
[2010.09.20 20:56:48 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Publish Providers
[2010.10.25 21:00:49 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Samsung
[2010.09.20 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Sony
[2010.09.23 06:08:47 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Subversion
[2010.09.20 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Ulead Systems
[2010.09.17 18:58:56 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\W
[2010.09.17 18:58:20 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\wargaming.net
[2005.10.17 04:08:11 | 000,000,000 | RHSD | M] -- C:\Users\*NAME*\AppData\Roaming\Winbooterr
[2009.07.14 06:08:49 | 000,026,838 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

(Bei "vlc albumcover refresh" handelt es sich übrigens um keinen Virus, ist ein Programm von mir, nur das keiner denk es wäre was )
Hoffe ihr könnt mir helfen.

 

Themen zu TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe)
0xc0000006, 64-bit, 7-zip, adblock, antivir, antivir guard, audacity, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, chkdsk /f, components, converter, dateisystem, desktop, error, festplatte, firefox.exe, flash player, home, home premium, ieframe.dll, install.exe, langs, location, locker, logfile, mozilla, mp3, nicht möglich, ntdll.dll, object, oldtimer, otl.exe, plug-in, problem, programdata, programm, realtek, registry, saver, searchplugins, security, server, shell32.dll, shortcut, software, start menu, studio, svchost.exe, syswow64, usb, virus, virus gefunden, visual studio, vlc media player, webcheck, windows, windows-explorer


« gefunden: Adware.WidgiToolbar in "C:\System Volume Information\_restore..." | Merkwürdige Vorgänge bei Firefox, PC infiziert? »


Ähnliche Themen: TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe)


  1. Windows 8 Problem AppData\Roaming\5.exe
    Plagegeister aller Art und deren Bekämpfung - 11.10.2015 (10)
  2. AppData // Roaming Virus.exe?
    Plagegeister aller Art und deren Bekämpfung - 22.04.2013 (11)
  3. Online- Banking gesperrt! Trojan.FakeAlert.Gen & Trojan.ZbotR.Gen in (C:\Users\\AppData\Temp & C:\Users\\AppData\Roaming\Osje\rutaap.exe)
    Log-Analyse und Auswertung - 06.02.2013 (1)
  4. Virus? AppData Roaming
    Plagegeister aller Art und deren Bekämpfung - 21.01.2013 (4)
  5. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dll (Trojan.Agent) -> Daten: C:\Users\Papa\AppData\Roaming\dll\svchost.exe -> Keine Aktio
    Log-Analyse und Auswertung - 13.01.2013 (10)
  6. RunDLL Probleme beim Starten von C:\users\***\AppData\Roaming\pndeb.dll & AppData\Local\powstak.dll
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (5)
  7. c:\Users\Name\AppData\Roaming\acroiehelpe050.dll
    Log-Analyse und Auswertung - 05.12.2011 (15)
  8. acroff.dl im appdata/roaming verzeichnis
    Log-Analyse und Auswertung - 01.12.2011 (3)
  9. C:\User\msi\AppData\Roaming\UUSoQLdiE9hE.exe
    Plagegeister aller Art und deren Bekämpfung - 20.11.2010 (1)
  10. C:\Windows\system32\Winbooterr\Svchost.exe
    Log-Analyse und Auswertung - 19.11.2010 (7)
  11. Objekt: Svchost.exe Fund:TR/stuby.438272
    Log-Analyse und Auswertung - 13.09.2010 (12)
  12. Trojan.Gen in C:\Users\***\AppData\Roaming\default\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 12.08.2010 (7)
  13. C:\Users\***\AppData\Roaming\windat\svchost.exe TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 23.07.2010 (1)
  14. TR/Spy.Zb.aaw.14997 in C:\Users\ICH\appdata\Roaming\...
    Plagegeister aller Art und deren Bekämpfung - 11.07.2010 (17)
  15. Users/***/Appdata/Roaming/Winlogon.exe
    Log-Analyse und Auswertung - 04.07.2010 (7)
  16. Trojaner in AppData\Roaming
    Plagegeister aller Art und deren Bekämpfung - 01.07.2010 (7)
  17. 'C:\Users\***\AppData\Roaming\install\svchost.exe'
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) - Hey, ich habe mir wohl mal wieder einen Virus eingefangen. Woher er stammt weiß ich leider nicht, würde mich aber mal interessieren. Hab schon einen Thread mit dem gleichen Virus - TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe)...
Archiv
Du betrachtest: TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131